<ramble>Jesus... I've been going through AT&T syntax Assembly now for a few months interspersed with JNCIS-SEC (fast track leisure study) and a hodge-podge of other things... Definitely time consuming.</ramble>

I'd have to say the following in order:

1. Operating Systems
2. Networking
3. Creativity
4. Programming
5. Applications
6. Databases

Operating Systems - You'd want to obviously know your way around most common operating systems. Any and all you can learn is beneficial. I had to puke RACF stuff for a while as it wasn't commonly used. I suggest for *nix based systems, familiarizing yourself with Rosetta Stone (http://bhami.com/rosetta.html). For Windows - whatever you can get your hands on. I'm definitely not as strong as I should be for Windows based systems from the administrative side; however, from the compromise side I have no problems.

The difference in this (strength/weakness) is, on a *nix box, I'm versatile and stealthy. Penetration comes easier, believe it or not, by way of system administration. I'm familiar with the system itself. I know what perms, groups, filetypes, etc., to target. On a Windows machine there are many variables many don't take into account (DLLs, OCX, misconfigured groups, etc.).

Networking - If you don't know HOW it's connected, HOW would you know how to escalate throughout the network? Understanding network topology, traffic patterns, packets, etc., can save you an enormous amount of time and resources not only from a penetration testing perspective, but also from a troubleshooting perspective. Imagine performing a pentest WITHOUT the usual network enumeration tools (netmap, hping, etc.). Can you garner information about another machine? How? TTL, Window Size, DF and TOS are your friend. Each OS has its own parameters, e.g.:

This is information that could be gathered using tcpdump, Wireshark... *Sniffer of choice* without having to run nmap. So think about this for a moment... Do you ALWAYS need to use NMAP? Not really. Versatility!

Creativity - Life is too short, yet too long to be doing the same old same old. Use your brain and have fun with what you do. Don't be afraid to break from the herd and try out your own thing from time to time.

Programming - Must... Any language, any time, all the time. Pick your poison. Don't let zealots stop you from learning a particular language. Each has its own pros and cons and I don't believe any specific one is better than another. There are preferences. I use a combination of perl, python, expect, shell and ruby for "scripting" and automation. Depending on what I need done, I pick one suitable for the moment. From a pentest perspective, you may need to be this versatile. For example, suppose on a pentest you escalate to a machine where you don't have a specific language - say perl or python... Then what? Can you accomplish your task with normal system commands, awk, sed, etc.?

Applications - You don't necessarily need to be a grandwizard in applications; however, I suggest learning about the OSI layers instead and understanding at which intersection programs play with each other. Session Layer, Presentation Layer, Application Layer. Each has a distinct role at the end of the day and each WILL have a weakness.

DB/SQL - Personally, I feel this falls into programming. SQL syntax is pretty common across the board. Setting out to study, say, Oracle would be a full time job. Not to mention, for that you might as well become an Oracle DBA (they make a killing!). I say, understand the general syntax.

Last but not least... Again, have FUN with what you learn. If you're doing it solely for the money, you'll fail. Sure there is money to be made as a pentester, security professional, ethical hacker, NAME_YOUR_ROLE; however, when you're passionate about what you do and you enjoy it, you're likely going to retain more of what you learn and it will become easier to accomplish what you set out to do.
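The passive approach Sil describes under Networking (reading TTL, window size, DF and TOS off a sniffer instead of running nmap) can be turned into a small host-inventory script. The following is an added example, not code from the thread or any of its posters. It parses lines in the style of `tcpdump -nv` output (the sample lines are constructed for this example, not captured from a real network), keeps only the initial SYN of each connection because that is where the window size is most characteristic, rounds the observed TTL up to the nearest common default (64, 128, 255) to estimate hop count, and maps the result to an OS family. The family mapping is a heuristic that can be wrong for tuned or unusual stacks; the window-size hints (5840/29200 for Linux, 8192/65535 for Windows) are well-known defaults, not proof.

```python
import re
from typing import Optional

# Constructed sample lines in the style of `tcpdump -nv`; invented for this example.
# The fourth is a SYN-ACK ("Flags [S.]") and is deliberately ignored by the parser.
SAMPLE_LINES = [
    "IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.5.44321 > 10.0.0.9.80: Flags [S], seq 1, win 29200, options [mss 1460], length 0",
    "IP (tos 0x0, ttl 128, id 2, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.7.50123 > 10.0.0.9.443: Flags [S], seq 2, win 8192, options [mss 1460], length 0",
    "IP (tos 0x0, ttl 255, id 3, offset 0, flags [DF], proto TCP (6), length 48) 10.0.0.8.33001 > 10.0.0.9.22: Flags [S], seq 3, win 49640, options [mss 1460], length 0",
    "IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.9.80 > 10.0.0.5.44321: Flags [S.], seq 9, ack 2, win 28960, options [mss 1460], length 0",
    "IP (tos 0x0, ttl 58, id 4, offset 0, flags [DF], proto TCP (6), length 60) 203.0.113.4.51000 > 10.0.0.9.80: Flags [S], seq 4, win 65535, options [mss 1460], length 0",
]

# Pulls out TOS, TTL, IP flags (for DF), source IP and TCP window, but only for
# packets whose TCP flags are exactly [S] (the client's initial SYN).
SYN_RE = re.compile(
    r"tos (?P<tos>0x[0-9a-fA-F]+), ttl (?P<ttl>\d+),.*?flags \[(?P<ipflags>[^\]]*)\].*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \S+: Flags \[S\],.*?win (?P<win>\d+)"
)

# Common initial TTLs: 64 (Linux, BSD, macOS), 128 (Windows), 255 (Solaris, Cisco IOS).
INITIAL_TTLS = (64, 128, 255)


def parse_syn(line: str) -> Optional[dict]:
    """Return the fingerprint fields of a SYN line, or None for anything else."""
    m = SYN_RE.search(line)
    if not m:
        return None
    return {
        "src": m.group("src"),
        "tos": int(m.group("tos"), 16),
        "ttl": int(m.group("ttl")),
        "df": "DF" in m.group("ipflags").split(","),
        "win": int(m.group("win")),
    }


def guess_initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the nearest common default.

    The difference between the default and the observed value is the hop count.
    """
    for candidate in INITIAL_TTLS:
        if observed <= candidate:
            return candidate
    return 255  # TTL is an 8-bit field, so this line is never reached for valid input


def guess_os_family(initial_ttl: int, win: int) -> str:
    """Heuristic mapping: initial TTL picks the family, a matching default window adds a hint."""
    if initial_ttl == 64:
        family = "Linux/Unix-like"
        if win in (5840, 29200):  # long-standing Linux SYN window defaults
            family += " (Linux default window)"
    elif initial_ttl == 128:
        family = "Windows"
        if win in (8192, 65535):  # Vista+ and XP-era SYN window defaults
            family += " (Windows default window)"
    else:
        family = "Solaris/Cisco-like (TTL 255)"
    return family


def inventory(lines) -> dict:
    """Build a per-source-IP table of passive fingerprint data from capture lines."""
    hosts = {}
    for line in lines:
        pkt = parse_syn(line)
        if pkt is None:
            continue  # not a client SYN: no fingerprint value for this heuristic
        initial = guess_initial_ttl(pkt["ttl"])
        hosts[pkt["src"]] = {
            "initial_ttl": initial,
            "hops": initial - pkt["ttl"],
            "df": pkt["df"],
            "tos": pkt["tos"],
            "win": pkt["win"],
            "family": guess_os_family(initial, pkt["win"]),
        }
    return hosts


if __name__ == "__main__":
    for src, info in inventory(SAMPLE_LINES).items():
        print(f"{src}: {info['family']}, ~{info['hops']} hops away, "
              f"win={info['win']}, DF={info['df']}, tos={info['tos']:#x}")
```

Feed it real `tcpdump -nv 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'` output to inventory the hosts that connect to a server you own without sending a single probe; treat the family column as a starting point to confirm against your asset records, not as ground truth.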

@Sil: A few months ago, I would have been shocked to see "creativity" in third place. But now, I almost feel it should be in second place... (I miss a lot of that...)

For Operating Systems, what would you say is better: Know about 20% of 10 different OS or knowing very, very well Windows and Linux/Unix? (Although Windows XP and Windows 2008 Server are quite different!)

I ask this question because I know Windows and Linux "enough", maybe 50% of each. I am about to get my hands dirty with FreeBSD and then focus more on the network side (online Cisco courses!!).

While this is certainly not a waste of time, could I use my time on more important things? (it depends of course, but still...)

Last edited by caissyd on Tue Sep 07, 2010 3:43 pm, edited 1 time in total.

You should put a proportionate amount of emphasis into whatever OS based on how much you work with it (or anticipate you'll work with it). The majority of our customers make heavy use of Windows-based OSes and hardly any use Solaris. Guess which one I know pretty well and which one I ask stupid questions about on online forums.

That's not to say you shouldn't learn new things and broaden your horizons just for the sake of increasing your knowledge, but it would be foolish to gloss over things that are immediately beneficial or necessary for the sake of doing so. As you said, "it depends."

H1t M0nk3y wrote: "For Operating Systems, what would you say is better: Know about 20% of 10 different OS or knowing very, very well Windows and Linux/Unix?"

Seriously a tough call here so I will explain my take on this. For what it's worth and where it counts more, I say *nix based systems with my reasoning for this answer following.

Browse over to Netcraft and have a look at what most Fortune 100s are running. Take a pick at a specific industry and have a serious look at what's powering them. If you answered Windows + MSSQL, you're way off base.

Oracle + Linux or Solaris move data around for some of the biggest companies on the planet. Citigroup - Solaris; Major League Baseball, which pushes some serious databases - Solaris + Oracle.

And the list goes on. This is not to say that Windows isn't used, but it's not truly used where the cash is flowing. This is where you'd want your client-base, where they won't balk at your fees as a pentester. Government work? Solaris + Other nix variants all the way.

With that said, this is the server side, where the most precious data is housed/stored/transmitted. In the office environment, Windows rules, but the harsh reality is, somewhere along the line you WILL need to know *nix based systems. So ask yourself, do you want to pentest a webserver or some local desktops for a "fistful of dollars", or would you rather go with where you'll not only earn some serious money, but get around to playing with "big boy toys"?

I know this response is not within the scope of this thread but just have to say.. SIL is like a god... everywhere I see a post from SIL on EH I just have to read it even if I am not specifically interested in the topic ... what does SIL stand for SECURITY I LIVE?